Secure your FastAPI endpoints using API keys.
Report Bug
·
Request Feature
On deployment inject API keys authorized to use your service. Every call to a private
endpoint of your service has to include a header['x-api-key'] attribute that is
validated against the API keys in your environment.
If it is present, a request is authorized. If it is not FastAPI return 401 Unauthorized.
Use this either as a middleware, or as Dependency.
- Clone and install
git clone https://github.com/iwpnd/fastapi-key-auth.git poetry install
- Install with pip
pip install fastapi-key-auth
- Install with poetry
poetry add fastapi-key-auth
As Middleware:
from fastapi import FastAPI
from fastapi_key_auth import AuthorizerMiddleware
app = FastAPI()
app.add_middleware(AuthorizerMiddleware, public_paths=["/ping"], key_pattern="API_KEY_")
# optional use regex startswith
app.add_middleware(AuthorizerMiddleware, public_paths=["/ping", "^/users"])As Dependency
from fastapi import FastAPI, Depends
from fastapi_key_auth import AuthorizerDependency
authorizer = AuthorizerDependency(key_pattern="API_KEY_")
# either globally or in a router
app = FastAPI(dependencies=[Depends(authorizer)])Distributed under the MIT License. See LICENSE for more information.
Benjamin Ramser - @imwithpanda - ahoi@iwpnd.pw
Project Link: https://github.com/iwpnd/fastapi-key-auth